Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to configure RCE API with Nginx ? #11

Open
seifoueddine opened this issue May 6, 2020 · 1 comment
Open

How to configure RCE API with Nginx ? #11

seifoueddine opened this issue May 6, 2020 · 1 comment

Comments

@seifoueddine
Copy link

I make this

server {
    listen          3000 SSL;
    server_name     xxxx.net;
    passenger_startup_file app.js;
    passenger_app_type node;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/vmi370955.contaboserver.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/vmi370955.contaboserver.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot




location /var/canvas/canvas-rce-api {

    # Activer le proxy
    proxy_set_header                X-Real-IP $remote_addr;
    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_pass                    http://xxxx.net:3000;
    proxy_redirect                  off;
    proxy_buffers                   32 16k;
    proxy_busy_buffers_size         64k;

   }

but I still have problem cors !!

  Access to fetch at 'https://xxxxr.net:3000/api/folders? 
  contextType=course&contextId=1' from origin 'https://xxxx.net' has been 
blocked by CORS policy: Response to preflight request doesn't pass access control check: No 
'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque    
response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I really added CORS headers but doesn't work

add_header 'Access-Control-Allow-Origin' 'https://xxxx.net:3000';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X- 
CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache- 
Control,Content-Type,Content-Range,Range';
add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

any ideas please !
@amujib
Copy link

amujib commented Jun 7, 2021

Your CORS header should be
add_header 'Access-Control-Allow-Origin' 'https://xxxx.net';

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@seifoueddine @amujib